Received: by 10.213.65.68 with SMTP id h4csp263136imn; Tue, 13 Mar 2018 03:40:57 -0700 (PDT) X-Google-Smtp-Source: AG47ELulDlhMOx3VfLCmOFa+e0hmTKcChAG45SNmgXJcIoy7qxRPUxteBZzfzijVJS6CypNidOjS X-Received: by 10.98.198.92 with SMTP id m89mr108425pfg.73.1520937657456; Tue, 13 Mar 2018 03:40:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1520937657; cv=none; d=google.com; s=arc-20160816; b=XKTFb8MboIaTqvNHXjXVfxJie0NAOL2uJXzIIsS6GRYBASNfI2v6WAHhSlS3TRTemU CkWe1qjHS938DxuusA6w93pWmckArbv0qcMsda0Ffaq7m/LZFHif508XrKO5i3K1moTu V7LFVMjape8UXaIx7gK9RMwugHXUlqly5E+lPDMvRiYGYBvObhuDkK8weuuyucHEcXrs JS7kETczAOL5P53QnE24xfH8VQCMqngJUykJoZsoiTlnGStumukrm+graUiedHSLiPuY /F784lraAYq+idoYQfWkij3xtRD2g+V803ivxrICsHGCs0vsdG7lS0UcVzLnlofok70T H91g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=OAhmRapu6DytASoWhqYE5s1i9APuwadIwXH7pyvVIzM=; b=tLZ45h0UrAdTeab7gwF36ZBG7jOCYo3hd+zvHedWozMmpdz+BSDBb4FN9mJM9ZjNuM TPBoY3P1KobLpfF8N7auqrBD0IiY4+UXOTE7p1FuPW0zBhAqluef3AXs68ncxH0X9io1 fMvVgxZfiI48cyuMAslsv/o7XP/vIKoLu9FfalZpxCEAAA66XJOvWHyjeMu5YNebHJEP yoqdG01WLQATDeJTrhby/V7BcMfDx72h/e8Jz16gk3kf1xBgkSX/R8H71JH0nw/Uq+Jv VilvD0D7XJ7aTwzjin/XhHEt+vklV7BOSVbDCpgqhvDMSmu1AkJdWGTohliTqULKkOiq 8cmg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=oxluUqC/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v14si15314pgo.360.2018.03.13.03.40.42; Tue, 13 Mar 2018 03:40:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=oxluUqC/; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932926AbeCMKi1 (ORCPT + 99 others); Tue, 13 Mar 2018 06:38:27 -0400 Received: from mail-io0-f194.google.com ([209.85.223.194]:44170 "EHLO mail-io0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932871AbeCMKiY (ORCPT ); Tue, 13 Mar 2018 06:38:24 -0400 Received: by mail-io0-f194.google.com with SMTP id h23so15117112iob.11; Tue, 13 Mar 2018 03:38:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=OAhmRapu6DytASoWhqYE5s1i9APuwadIwXH7pyvVIzM=; b=oxluUqC/71GMZdJ8bn4ppX4XzDRO2JOFHAzkpm/R4kp9xCjeLw5qGuZLL1Lv2O4B/4 brbhb6zsAGNP2OkejjZQMvRg+3kf8FNt/ZSS+G/uV627diVnxufFNCnw9IhfTPf0AZXH oPNlBuImZQF3FkRw9Nr+ghH0qanK9Ce+vYZceWg4vLzzJtYofkxiK/oXyMQYsHoJq0LU Afm57Oe+PDG3+fDFjI6aalK3via2zDy9hX4kgsGY4bXwBPywYfGtUsU3uYyB5/TDLu5/ wgop48VVj2t9reKDn1fQkFKhw521nn8QEURmEOkuyBHLSLg6OHEwJzVJG7N8EjfmH9M1 m/ww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=OAhmRapu6DytASoWhqYE5s1i9APuwadIwXH7pyvVIzM=; b=avWdZmrYsyuiyxEwhGPS369ne/vVylkbgKO4ZinZV3jPYHu5J4NQ8Jk4LCL5DjK20v YmQy1gXE/qtsyJflEj3V9IUHfqt/dsq+uEClZwy6pK4wSjrUHJY0WPPn6oTOT+XR3k0E FYciI0CRrXe1r9AU1v2/evnr4g2ytBU74L2QJ+EaF22li5x7F0RtZR7SP1iot0Pnh2oL rKrBMvvug0lkC4BtZxkovS0IUVPqIXmtmv6sB6qvrFLgOi8Hynj7y7tF1ynXMWUqYhii xJGOgryZNgNVn3tKnJdQW3y9xw2OqtfisyvXfvwJf6Xop2CjNkOsfxqRqVDdp5eYwlL0 1UQA== X-Gm-Message-State: AElRT7EJDdin95COder6V1xSkTeuCNzHX9ovm2rOoLX3Rl3FLnxi76TZ Fv8EMdIj4d81IRdSCbhyl04= X-Received: by 10.107.29.84 with SMTP id d81mr102990iod.59.1520937503194; Tue, 13 Mar 2018 03:38:23 -0700 (PDT) Received: from linux-l9pv.suse ([134.159.103.118]) by smtp.gmail.com with ESMTPSA id y128sm282657itb.39.2018.03.13.03.38.20 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 13 Mar 2018 03:38:22 -0700 (PDT) From: "Lee, Chun-Yi" X-Google-Original-From: "Lee, Chun-Yi" To: David Howells Cc: linux-fs@vger.kernel.org, linux-efi@vger.kernel.org, linux-kernel@vger.kernel.org, "Lee, Chun-Yi" , Josh Boyer , James Bottomley Subject: [PATCH 2/5] MODSIGN: print appropriate status message when getting UEFI certificates list Date: Tue, 13 Mar 2018 18:38:00 +0800 Message-Id: <20180313103803.13388-3-jlee@suse.com> X-Mailer: git-send-email 2.12.3 In-Reply-To: <20180313103803.13388-1-jlee@suse.com> References: <20180313103803.13388-1-jlee@suse.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When getting certificates list from UEFI variable, the original error message shows the state number from UEFI firmware. It's hard to be read by human. This patch changed the error message to show the appropriate string. The message will be showed as: [ 0.788529] MODSIGN: Couldn't get UEFI MokListRT: EFI_NOT_FOUND [ 0.788537] MODSIGN: Couldn't get UEFI MokListXRT: EFI_NOT_FOUND Cc: David Howells Cc: Josh Boyer Cc: James Bottomley Signed-off-by: "Lee, Chun-Yi" --- certs/load_uefi.c | 43 ++++++++++++++++++++++++++++++------------- include/linux/efi.h | 25 +++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 13 deletions(-) diff --git a/certs/load_uefi.c b/certs/load_uefi.c index d6de4d0..f2f372b 100644 --- a/certs/load_uefi.c +++ b/certs/load_uefi.c @@ -4,6 +4,7 @@ #include #include #include +#include #include #include #include "internal.h" @@ -32,6 +33,24 @@ static __init bool uefi_check_ignore_db(void) return status == EFI_SUCCESS; } +static __init void print_get_fail(efi_char16_t *char16_str, efi_status_t status) +{ + char *utf8_str; + unsigned long utf8_size; + + if (!char16_str) + return; + utf8_size = ucs2_utf8size(char16_str) + 1; + utf8_str = kmalloc(utf8_size, GFP_KERNEL); + if (!utf8_str) + return; + ucs2_as_utf8(utf8_str, char16_str, utf8_size); + + pr_info("MODSIGN: Couldn't get UEFI %s: %s\n", + utf8_str, efi_status_to_str(status)); + kfree(utf8_str); +} + /* * Get a certificate list blob from the named EFI variable. */ @@ -45,25 +64,29 @@ static __init void *get_cert_list(efi_char16_t *name, efi_guid_t *guid, status = efi.get_variable(name, guid, NULL, &lsize, &tmpdb); if (status != EFI_BUFFER_TOO_SMALL) { - pr_err("Couldn't get size: 0x%lx\n", status); - return NULL; + if (status != EFI_NOT_FOUND) + pr_err("Couldn't get size: 0x%lx\n", status); + goto err; } db = kmalloc(lsize, GFP_KERNEL); if (!db) { pr_err("Couldn't allocate memory for uefi cert list\n"); - return NULL; + goto err; } status = efi.get_variable(name, guid, NULL, &lsize, db); if (status != EFI_SUCCESS) { kfree(db); pr_err("Error reading db var: 0x%lx\n", status); - return NULL; + goto err; } *size = lsize; return db; +err: + print_get_fail(name, status); + return NULL; } /* @@ -153,9 +176,7 @@ static int __init load_uefi_certs(void) */ if (!uefi_check_ignore_db()) { db = get_cert_list(L"db", &secure_var, &dbsize); - if (!db) { - pr_err("MODSIGN: Couldn't get UEFI db list\n"); - } else { + if (db) { rc = parse_efi_signature_list("UEFI:db", db, dbsize, get_handler_for_db); if (rc) @@ -165,9 +186,7 @@ static int __init load_uefi_certs(void) } dbx = get_cert_list(L"dbx", &secure_var, &dbxsize); - if (!dbx) { - pr_info("MODSIGN: Couldn't get UEFI dbx list\n"); - } else { + if (dbx) { rc = parse_efi_signature_list("UEFI:dbx", dbx, dbxsize, get_handler_for_dbx); @@ -181,9 +200,7 @@ static int __init load_uefi_certs(void) return 0; mok = get_cert_list(L"MokListRT", &mok_var, &moksize); - if (!mok) { - pr_info("MODSIGN: Couldn't get UEFI MokListRT\n"); - } else { + if (mok) { rc = parse_efi_signature_list("UEFI:MokListRT", mok, moksize, get_handler_for_db); if (rc) diff --git a/include/linux/efi.h b/include/linux/efi.h index 2729d6f..c44946c 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h @@ -1600,4 +1600,29 @@ struct linux_efi_random_seed { u8 bits[]; }; +#define EFI_STATUS_STR(_status) \ + case EFI_##_status: \ + return "EFI_" __stringify(_status); \ + +static inline char * +efi_status_to_str(efi_status_t status) +{ + switch (status) { + EFI_STATUS_STR(SUCCESS) + EFI_STATUS_STR(LOAD_ERROR) + EFI_STATUS_STR(INVALID_PARAMETER) + EFI_STATUS_STR(UNSUPPORTED) + EFI_STATUS_STR(BAD_BUFFER_SIZE) + EFI_STATUS_STR(BUFFER_TOO_SMALL) + EFI_STATUS_STR(NOT_READY) + EFI_STATUS_STR(DEVICE_ERROR) + EFI_STATUS_STR(WRITE_PROTECTED) + EFI_STATUS_STR(OUT_OF_RESOURCES) + EFI_STATUS_STR(NOT_FOUND) + EFI_STATUS_STR(ABORTED) + EFI_STATUS_STR(SECURITY_VIOLATION) + } + + return ""; +} #endif /* _LINUX_EFI_H */ -- 2.10.2